Black Hat Asia 2017

Tuesday, March 28, 2017 in 5 months Singapore, Singapore

MWR is pleased to announce that Marco Lancini will be running an iOS workshop at Black Hat Asia 2017.


Event Description

Black Hat is the most technical and relevant global information security event series in the world. For more than 18 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, the Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.

Talk presented by MWR

  • Time:
  • Room:
  • Topic: Offensive iOS Exploitation
  • Speakers: Marco Lancini
  • Description: This is an exercise-driven training course that uses detailed tutorials to guide you through all the steps necessary to exploit a real iOS application, and in the process, provide you with an understanding of the modern attacker’s mind-set and capabilities. This course will cover iOS hacking, from the basics of vulnerability hunting on the platform to advanced exploitation techniques. At its conclusion, we will have imparted the information necessary to develop secure and robust applications.

    This is a technical course suitable for those interested in mobile application security. The training does not require any prior security knowledge in order to benefit fully from the course, as the content covers all of the basics necessary to understand advanced concepts. However, a working knowledge of iOS is a prerequisite and it is recommended that you are familiar with the syntax and structure of an iOS application, basic internal and external communications as well as accessing resources from an application.

    In addition, this workshop will use MWR's newly released "Needle" to identify and exploit all the common mobile application security flaws, over and above the OWASP Mobile Top Ten. Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.​ The only requirement in order to run Needle effectively is a jailbroken device. We will also demonstrate how Needle can be used to find vulnerabilities in iOS applications from both a black-box and white-box perspective (if source code is provided).

    Other take-aways will include how to develop secure mobile applications that can withstand advanced attacks, how hackers attack mobile applications and iOS devices, and the most up to date and effective secure coding practices.

    Delegates are suggested to bring their own jailbroken iOS device (running iOS >= 8.4) to fully enjoy the course, as these won't be provided. It has to be noted that, even if a device isn't essential, as practical examples will be delivered by the Instructor, this is however recommended to fully engage in the course.




As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
We are certified in the ISO 9001 quality management system (QMS) in the UK, ensuring reliable delivery of our products and services.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.